[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: svnadmin create and not being method agnostic

From: Nico Kadel-Garcia <nkadel_at_gmail.com>
Date: Sat, 1 Jan 2011 22:35:52 -0500

On Thu, Dec 30, 2010 at 9:41 AM, Bob Archer <Bob.Archer_at_amsi.com> wrote:

> Is there really that much overhead in deleting the binary and insuring the correct permissions are used on the repository folders to "keep the honest, honest?" After all, any one with root/administrator access is able to bypass anything you've done anyway.

That one's nasty. Since it runs on a "high numbered port", any user
can run a binary to access it, at least as long as the repository
folders are readable to that user. And since they are by default with
the 'svnadmin hotcopy' and 'svnadmin create' commands, well, it gets
difficult.

It's concievable to set the umask inside 'svnadmin create' to be 077,
and for 'svnadmin hotcopy' to replicate such permissions, but that
would take a lot more work and especially a *lot* more testing.

> It rather see the devs working on 1.7 WC features like a real "branch" command, performance, etc, rather than adding a config option that nobody will use.
>
> Also, if you want a more "secure" version of subversion package up your own binaries that don't include svnserve... let the svn dev's work on the stuff that we can't do with 3 or 4 lines of a batch/command file.
>
> BOb
>

That requires manual editing of the installer. Feasible for Subversion
RPM's, but a bit awkward for many other developers, and bound to cause
confusion.
Received on 2011-01-02 04:36:28 CET

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.